[dnsdist] documentation for "showDOHFrontends()" output
Remi Gacogne
remi.gacogne at powerdns.com
Wed Jun 12 13:25:40 UTC 2019
On 6/12/19 12:05 AM, Christoph wrote:
> We saw 400 Bad Request responses but the counter in the "Bad" column did
> not increase but I'll rerun the tests to make sure this was not caused
> by looking at the IPv4 counter stats while hitting the IPv6 frontend
> or vice versa.
Note that invalid HTTP queries will get a 400 before our DNS code even
get called, so you might indeed get 400 errors without the "Bad" counter
increasing.
>>
>> The "Errors" counters refers to invalid or rejected DNS queries:
>> - smaller than a minimal DNS header or the QR bit is set, or QDCOUNT is
>> equal to zero (noncompliant-queries in the regular stats should increase
>> accordingly);
>> - blocked by the ACL (acl-drops should increase) ;
>> - query is dropped by a rule (the counter of the corresponding rule
>> should increase) ;
>> - we encountered an error when sending the query to the selected backend
>> (downstream-send-errors should increase, as well the 'sendErrors'
>> counter of the corresponding backend).
>
> Thanks for writing this down. Are you implying that you currently
> respond with
> 500 Internal Server Error
> in all these "Error" cases? (which would be surprising, at least to me)
Yes, that's indeed the case with our current code and I agree we need to
handle that differently. I just opened [1] which I hope is a step in the
right direction. Comments welcome!
[1]: https://github.com/PowerDNS/pdns/pull/7917
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20190612/bd7aef80/attachment.sig>
More information about the dnsdist
mailing list